Fluffy falls asleep on the job again, your internet-connected refrigerator will try and kill you and the 10 most liberal cities in the US - What I am reading 12/15/2015

In an unprecedented move, Twitter has alerted some users that
nation-state sponsored attackers may have attempted to steal their
account information -- such as email address, IP address, and phone
numbers. None of the small number of Twitter user accounts targeted
appear to have been successfully breached, however, according to the
alert.

I predict that this will soon be a new status symbol. People will have "I was hacked by Bunfuckistan" badges on their various social media accounts. That's how you will know who is worth following.

The flaw results from how the third-party authentication system creates
secret keys: by using the password associated with a disabled username
(krbtgt). That password is rarely changed, making it possible to bypass
the authentication system altogether and allow an attacker to grant
themselves admin privileges, as well as create secret passwords for
existing users and new users that don't exist.

“Well, we just encrypt the current timestamp with our secret key. That's what a
normal process looks like. So, if we have access to the key – we can repeat this
process on behalf of the user and gain legitimate Kerberos tickets and thus
access. Essentially skipping the part of Kerberos authentication where the user's
secret key is created from his password,” he asserts.

...

“The attacker can control every aspect of the forged ticket including the Ticket's
user identity, permissions and ticket life time. Attackers typically set Golden
Tickets to have an unusually long lifetime, which allows the possessing entity to
keep using them for a long period without renewal. In addition to the lifetime,
other important attributes of the ticket are typically forged to achieve other
nefarious goals, such as assigning very high permissions, impersonating other
users and even using non-existing user names,” write Be'ery and Cherny.

It seems to me I have heard about this problem before, but I may be misremembering. I haven't seen a response from Microsoft yet.
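The two quotes above describe exactly what a defender can look for: a forged ticket tends to carry an unusually long lifetime, privileges the account does not really hold, or a user name that does not exist at all. The following is an added example (not from the article and not Be'ery and Cherny's code) that triages observed Kerberos tickets against those three indicators. The ticket records and the directory snapshot are constructed; the idea that a host- or network-side sensor exports user, realm, validity window and PAC group RIDs in this shape is an assumption for the sake of the example.

```python
"""Triage observed Kerberos TGTs for Golden Ticket indicators.

Added example, not code from the article or from the researchers it quotes.
Ticket records are constructed to resemble what a hypothetical sensor might
export; the field names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Default Active Directory Kerberos policy: a TGT lives at most 10 hours.
MAX_TGT_LIFETIME = timedelta(hours=10)

# Well-known RIDs of highly privileged groups:
# 512 = Domain Admins, 519 = Enterprise Admins.
PRIVILEGED_RIDS = {512, 519}


@dataclass
class ObservedTicket:
    user: str            # client principal named in the ticket
    realm: str           # Kerberos realm / AD domain
    start: datetime      # ticket start time
    end: datetime        # ticket end time
    pac_group_rids: set  # group RIDs carried in the ticket's PAC (assumed sensor field)


# Constructed directory snapshot: user name -> group RIDs the account really holds.
# 513 is Domain Users.
DIRECTORY = {
    "alice": {513},
    "bob": {513, 512},
}


def triage(ticket, directory=DIRECTORY, max_lifetime=MAX_TGT_LIFETIME):
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    findings = []

    # Indicator 1: lifetime longer than domain policy allows.
    lifetime = ticket.end - ticket.start
    if lifetime > max_lifetime:
        findings.append(f"lifetime {lifetime} exceeds policy maximum {max_lifetime}")

    real_groups = directory.get(ticket.user)
    if real_groups is None:
        # Indicator 2: the KDC would never issue a ticket for an unknown principal.
        findings.append(f"user {ticket.user!r} does not exist in the directory")
    else:
        # Indicator 3: privileged RIDs in the PAC that the account does not hold.
        extra = (ticket.pac_group_rids & PRIVILEGED_RIDS) - real_groups
        if extra:
            findings.append(
                f"PAC grants privileged RIDs {sorted(extra)} not held in the directory"
            )
    return findings


# Constructed sample: one legitimate ticket, one forged long-lived admin ticket,
# and one ticket for a user name that does not exist.
T0 = datetime(2015, 12, 15, 8, 0)
SAMPLE_TICKETS = [
    ObservedTicket("alice", "CORP.EXAMPLE", T0, T0 + timedelta(hours=10), {513}),
    ObservedTicket("alice", "CORP.EXAMPLE", T0, T0 + timedelta(days=3650), {513, 512}),
    ObservedTicket("ghost", "CORP.EXAMPLE", T0, T0 + timedelta(hours=10), {513, 512}),
]


def triage_all(tickets=SAMPLE_TICKETS, directory=DIRECTORY):
    """Triage every ticket; returns a list of (user, findings) in input order."""
    return [(t.user, triage(t, directory)) for t in tickets]


if __name__ == "__main__":
    for user, findings in triage_all():
        status = "OK" if not findings else "SUSPECT"
        print(f"{status:8} {user}: {'; '.join(findings) or 'no indicators'}")
```

Each rule on its own is only a heuristic (a legitimate renewable ticket can have a long renew window, and a directory snapshot can be stale), but a ticket that trips two or three of them together is the shape of what the quoted description calls a Golden Ticket, and is worth pulling the host for.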

This new push dovetails with amplified fears about extremist immigrants.
The day that she and her husband killed 14 people in San Bernardino,
Ca., Tashfeen Malik “pledged allegiance” to ISIS on Facebook. Today, the Wall Street Journal reports that DHS is working on a new strategy for scouring social media posts in the wake of that attack.

Let's not forget the multi-year history of pro-jihad comments she had made before immigration. This wasn't just one post made the morning she went off to kill 14 people.

At the end of last month, security
researchers from SEC Consult found that the lazy manufacturers of home
routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 million IoT devices open to mass hijacking.

All of the attention stemmed from academic work
showing that Grand Junction spent far less money on Medicare treatments –
with no apparent detriment to people’s health. The lesson seemed
obvious: If the rest of the country became more like Grand Junction,
this nation’s notoriously high medical costs would fall.

The research looked not only at Medicare but also at a huge, new database drawn from private-insurance plans
– the sorts used by most Americans for health care. And it shows that
places that spend less on Medicare do not necessarily spend less on
health care over all. Grand Junction, as it happens, is one of the most
expensive health care markets in the country for the privately insured –
despite its unusually low spending on Medicare.

About Me

53 year old white male oozing privilege and advantage, if you find that sort of thing sexy. But, I care about the less fortunate if you don't. Either way I'm an idiot so take it all with a grain of salt.